Inconsistent State Updates in grow_information.move

Moderate
jolestar published GHSA-f737-542f-mjvg Nov 22, 2024

Package

https://github.com/rooch-network/rooch/blob/main/apps/grow_bitcoin/sources/grow_information.move (move)

Affected versions

<0.8.0

Patched versions

None

Description

Incorrect Vote Tallying in vote Function

Vulnerable Code:

if (!table::contains(&grow_project.vote_detail, sender())){
    table::add(&mut grow_project.vote_detail, sender(), coin_value)
} else {
    *table::borrow_mut(&mut grow_project.vote_detail, sender()) + coin_value;
}

Description:

The vote function in the grow_information.move module is designed to record votes cast by users for various projects. However, the code intended to update the vote count for an existing voter does not perform the update correctly.

The line *table::borrow_mut(&mut grow_project.vote_detail, sender()) + coin_value; reads the existing value and adds coin_value to it, but the sum is discarded: nothing assigns the result back through the mutable reference, so the table entry keeps its old value.

This oversight results in the vote count not being updated, leading to inaccurate vote tallies.

Impact:

Incorrect Vote Tallying: Votes are not accumulated correctly, leading to an inaccurate representation of user participation.

Misleading Results: The incorrect vote count can mislead stakeholders and affect decisions based on these results.

User Frustration: Users may become frustrated if their votes do not appear to be counted, leading to a loss of trust.

Potential Exploits: Malicious actors could exploit this flaw to manipulate voting outcomes by repeatedly voting without the system properly updating the vote count.

Reputation Damage: The integrity of the voting process is crucial for maintaining trust. If stakeholders or the public become aware of the issue, it could harm the platform's reputation.

Severity: critical

This issue is classified as critical severity due to its impact on core functionality, data integrity, user trust, potential for exploitation, and reputational risk.

Attack Scenario:

Discovery: An attacker discovers that the vote tallying mechanism does not update correctly.

Exploitation: The attacker repeatedly votes, knowing that the system will not correctly update the vote count.

Manipulation: By exploiting this flaw, the attacker can skew voting results to their advantage or disrupt the voting process.

Outcome: The manipulated results lead to incorrect decisions or outcomes based on the flawed vote tally.

Proof of Concept (PoC):

To demonstrate the issue, an attacker can execute the following steps:

Setup: Deploy the grow_information.move module on a test network.

Exploit: Execute the following Move script to repeatedly vote without the system updating the vote count:

script {
    use grow_bitcoin::grow_information_v2;

    fun main(account: &signer) {
        let grow_project_obj = /* obtain reference to a GrowProject object */;
        let grow_project_list_obj = /* obtain reference to a GrowProjectList object */;
        let grow_value = 100; // Arbitrary vote value

        // Repeatedly call the vote_entry function (ten times)
        let i = 0;
        while (i < 10) {
            grow_information_v2::vote_entry(account, &mut grow_project_obj, &grow_project_list_obj, grow_value);
            i = i + 1;
        };
    }
}

Observation: Monitor the vote counts and observe that they do not reflect the repeated votes accurately.

Fixed Code:

To fix the issue, ensure that the vote count is updated correctly by using the += operator:

if (!table::contains(&grow_project.vote_detail, sender())){
    table::add(&mut grow_project.vote_detail, sender(), coin_value)
} else {
    let current_value = table::borrow_mut(&mut grow_project.vote_detail, sender());
    *current_value += coin_value;
}

Recommendations:

Correct the Update Logic: Modify the code to correctly update the vote count by using += to accumulate votes.
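
A heuristic source check for this bug class, as an added example that is not part of the advisory or the Rooch code base: it flags Move statements that dereference a value, apply arithmetic to it, and end in ";" without assigning the result. The function names are assumptions for illustration, the two samples are constructed from the snippets quoted above, and block comments are not handled.

```python
import re

# Constructed samples: the vulnerable and fixed branches quoted in the advisory.
VULNERABLE = """\
if (!table::contains(&grow_project.vote_detail, sender())){
    table::add(&mut grow_project.vote_detail, sender(), coin_value)
} else {
    *table::borrow_mut(&mut grow_project.vote_detail, sender()) + coin_value;
}
"""
FIXED = """\
if (!table::contains(&grow_project.vote_detail, sender())){
    table::add(&mut grow_project.vote_detail, sender(), coin_value)
} else {
    let current_value = table::borrow_mut(&mut grow_project.vote_detail, sender());
    *current_value += coin_value;
}
"""

# "=" or a compound form such as "+=", but not "==", "!=", "<=", ">=".
ASSIGN = re.compile(r"(?<![=!<>])=(?!=)")
ARITH = re.compile(r"[+\-*/%]")

def top_level(stmt):
    """Remove parenthesised groups, innermost first, leaving top-level tokens."""
    prev = None
    while prev != stmt:
        prev, stmt = stmt, re.sub(r"\([^()]*\)", "", stmt)
    return stmt

def find_discarded_updates(src):
    """List (line, statement) for ';'-terminated statements that start with a
    dereference, apply arithmetic to it, and never assign the result."""
    src = re.sub(r"//[^\n]*", "", src)  # line comments only; keeps line numbers
    findings = []
    for m in re.finditer(r"([^;{}]+)([;{}])", src):
        stmt = m.group(1).strip()
        if m.group(2) != ";" or not stmt.startswith("*"):
            continue  # a trailing expression without ';' is a block value, not discarded
        top = top_level(stmt)
        if ARITH.search(top[1:]) and not ASSIGN.search(top):
            line = src.count("\n", 0, m.start(1) + m.group(1).index(stmt)) + 1
            findings.append((line, stmt))
    return findings

if __name__ == "__main__":
    for name, sample in (("vulnerable", VULNERABLE), ("fixed", FIXED)):
        print(name, find_discarded_updates(sample))
```

The check is textual, so treat a hit as a prompt for review rather than a verdict; a unit test that votes twice from one account and asserts the summed tally is the stronger regression guard.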

Severity

Moderate

CVE ID

No known CVE

Weaknesses

No CWEs

Credits